In today’s world, it’s not uncommon to see headlines about a new instance of fraud many times a week. Whether it’s a new phishing scam targeting seniors or the arrest of a low-level employee embezzling small amounts from a local government office, most fraud-related issues are interesting to the public regardless of their profession. Since anti-fraud professionals are on the front line of fraud prevention and investigation, it’s also predictable that family and friends may turn to you for clarification of these fraud-related stories.Read More
Samantha M. Weeks, CFE
Financial institutions, retailers and the travel industry have made rewarding customers for brand loyalty a part of our everyday lives. From keychains to mobile apps, companies know their customers want to feel appreciated, and driving additional spend is a big bonus. According to a 2017 study performed by Colloquy, there are 3.8 billion individual loyalty memberships in the U.S. and 175 million verified loyalty memberships in Canada. We have even seen the value of these programs being priced above the core stream of revenue in both hotel and airline financial performance reviews.
As beneficial as these programs are to both organizations and customers, it’s important to understand the related fraud risks and establish continuous monitoring to ensure that your customers remain loyal. Not only is your customer lifetime value at stake, but breaking your customer’s confidence in your brand can make it difficult to gain new customers. The most common fraud perpetrated against loyalty programs is account takeover fraud. Designing effective monitoring helps reduce response times to customer alerts of fraud, and helps to identify and reverse theft before the customer contacts you. This will save you money and preserve the loyalty you’ve built with your membership.
Begin by quantifying the fraud in terms of customers impacted and the amount lost. If you make victim customers whole by replacing the stolen program currency (i.e. points or miles) be sure to include that in your valuations. Once velocity and impact can be communicated, the risk can be truly evaluated for priority and the need for further audit. Establish the pace in which these redemptions should be reviewed for fraud indicators and get ahead of the fulfillment of these redemptions. Create communications to educate your employees and customers on the need for unique passwords and make it clear that account takeover fraud is not a hack but a consequence of recycling passwords.
Continuous monitoring processes can be improved with tracking. Provide analytics to stakeholders regarding the fraud rate and impact to the company and customers. The largest value of this is in the information and the story that you can tell. If you are leaking revenue from your loyalty program and you don’t know how big the leak is, you could risk the very loyalty the program is building.
According to Accenture, 77% of loyalty program participants admit they will withdraw their loyalty more quickly than they would have three years ago and 43% of participants admitted to doing so because they lost trust in the company (e.g., weak personal data security). Also, customers will tell an average of 24 people, mainly through social media and review websites, about their negative experience. (Connexions Loyalty/lpsos survey data). By continuously monitoring your program and being proactive in fraud detection, you can ensure that your customers remain as loyal as you strive for them to be.
Kelly Todd, CFE
Managing member and member in charge of forensic investigations at Forensic Strategic Solutions
A quick glance at the barrage of headline news related to cyberattacks, the perpetual explosion of electronically stored information and the ease with which data can be moved and shared makes one thing obvious: a new frontier has emerged for businesses. In this dynamic electronic age, the scope of risk for businesses is growing — in size and complexity — at such a rate that traditional risk management measures are simply not enough. While the “new frontier” has the potential to leave unsuspecting businesses exposed to a host of new risks, it is also creating a host of opportunities for those of us fighting fraud.
Threat: The Trusted Employee
Frauds committed through the use of a computer and its network is one of the fastest growing threats for businesses. According to Ernst & Young’s 2016 Global Forensic Data Analytics Survey, nine out of nine industries rate the threat of a cyberbreach as a their top risk. While the latest news focuses on hackers and cybercriminals, there is an equally dangerous, but perhaps less obvious, threat to corporate assets. While trusted employees are moving, sharing and exposing corporate data just to do their jobs, the malicious employee or contractor with authorized access may be deliberately taking confidential information for personal gain or other nefarious reasons. Whether internal or external, the threat posed by these cybercriminals is real. Threats include the disruption of operations, the wrongful transfer of funds and the theft of intellectual property, confidential information or other critical assets.
Tools to Respond: Data Analytics
The dynamic nature of technology threats requires a proactive response. While external auditors and C-suite executives have long been reluctant to embrace advanced data analytics as a proactive tool — or even as a reactive tool — to ferret out fraud, the tide seems to be turning with the increased threat that cybercrime poses.
Advanced data analytics provide the ability to collect and analyze data, both structured (think transactional data) and unstructured (email, voicemail, internet logs, text messages, social media, blogs or free text fields in a database), to prevent, detect, monitor and investigate potentially improper transactions, events or patterns of behavior related to misconduct, fraud or noncompliance issues.
As fraud examiners, we know a picture says a thousand words — and nothing tells a story better than data. The use of data visualization tools is on the rise for business intelligence, as well as detecting patterns and relationships indicative of fraud. With the explosion of electronic data, data visualization allows for communicating key aspects of complex and voluminous data in a more intuitive way. Effective visualization — which is both an art and a science — combined with advanced data analytics helps users identify patterns and relationships.
With the increased acceptance of advanced data analytics — not to mention emerging technologies, such as blockchain (a topic that goes well beyond the scope of this blog) — dramatic opportunities abound for fraud examiners.
Valuable skills for the new frontier include:
- The technical skills to understand the information systems and how to collect relevant and reliable data.
- An expertise in data analytics to relate data from disparate systems, design queries, recognize patterns, interpret and report on results.
- Institutional knowledge or investigative skills to understand the relevant risks and controls, and to collaborate in the interpretation of results in the context of the associated risks.
As risks continue to grow in the industry, staying up-to-date with the latest tools and resources will be critical. As we look to spread knowledge during International Fraud Awareness Week, it’s also crucial that as fraud professionals we commit ourselves to continuing our education. The biggest fraud risks are the ones we are not yet aware of, but with the right tools and expertise we can be better prepared to respond.
Jeremy Clopton, CFE, CPA, ACDA
Director, Forensics and Valuation Services
In what seems to be a pattern in investigations, a deceased woman’s FitBit was used to help solve her alleged murder. In this situation, the data from the FitBit, as well as social media activity, was used to disprove an account of events provided by her husband.
This story illustrates how data beyond the obvious can be used in investigations of all types. The same mentality can be beneficial to fraud examiners as well. The key is to consider all the potential data points available to help in an examination.
Let’s consider a financial statement manipulation scheme. While you may know the user ID that posted the entry, it is important you look even further for evidence of who actually posted it. Other relevant data points may include:
- Date/time the entry was posted
- Workstation from which the entry was posted
- User ID typically associated with that workstation, compared to the user ID posting the entry
- Was the user signed in remotely or in the office?
- Who was in the office on the date/time the entry was posted (badge access records)?
- Was there email activity or other digital activity on the workstation?
- Who actually logged in to the workstation from which the entry was posted?
Clearly there is a lot more information than just the date, debit/credit, account number and amount. As you approach your next examination, consider the following:
- What is the alleged scheme?
- What other data can help me determine what happened or who was involved?
- Are there data sources to help corroborate or refute the allegations?
- Do the patterns of activity match our expectations?
I’m not saying a FitBit and social media will help solve your next investigation, though I am confident there is quite a bit more data out there you may find useful to your case.
You can hear Jeremy speak on how to effectively communicate complex data next week at the 28th Annual ACFE Global Fraud Conference, June 18-13 in Nashville.
FROM THE RESOURCE GUIDE
Jeremy R. Clopton, CFE, CPA, ACDA, CIDA
Director, Big Data & Analytics, Digital Forensics, BKD, LLP and
H. Bryan Callahan, CFE, CPA/CFF, CVA
Director, Forensics & Valuation Services, BKD, LLP
Big data. Analytics. Machine learning. Artificial intelligence. These topics, and many others, are being used with regularity in all aspects of business — from marketing and operations to recruiting and retention. They should also be topics used regularly when discussing fraud examination techniques. According to the ACFE's 2016 Report to the Nations, proactive data monitoring and analysis were associated with the highest reduction in both median loss and median duration compared to all other anti-fraud controls.
In a recent case, analytics and machine learning were applied to the analysis of a variety of textual data sources. Much of what occurred in the scheme was off-book — not recorded in the company’s financial statements. Without transactional data to rely on, our examiners leveraged other data to use in the investigation and provided information to enhance the interview process.
A large company became aware of a potential theft scheme involving the IT director and some of his direct reports. The allegations were brought to the company’s attention by a whistleblower who had previously been terminated. The individuals involved in the scheme were taking old IT equipment that still had value and selling it on eBay. The user ID used to sell the equipment was in the company’s name, though it was not in the company’s control. Rather, the IT director linked his personal PayPal account to the “company” eBay account. All payments that came through the account deposited directly to his personal account, never remitting funds to the company.
Typically, transactional-based analytics would have been the starting point. However, without transactions to analyze, examiners turned to email and instant messages of the IT department personnel. The first approach — keyword searching — did not net much in the way of direct evidence.
The second approach — tone detection — identified a number of instant messages between the IT director and a supervisor which had a conspiratorial tone (other common tones in examinations include nervous, evasive, anxious and intimate). The topic of those communications was the eBay scheme.
In addition, tone detection also identified a couple of emails between the IT director and some female colleagues that may have been a little too “friendly” for normal professional relationships. While these were not used in this investigation, these types of results can be useful in lawsuits and investigations involving sexual harassment.
Armed with text messages, examiners interviewed the IT director who confessed to the scheme. Both machine learning — in this case specifically tone detection — and traditional analytics using keyword searching were used to successfully uncover the scheme at hand.
These topics and more are covered in the ACFE’s 2-day course, Using Data Analytics to Detect Fraud. Working through the data analysis process and assessing case studies from a data perspective, the course will help you:
- Focus on the analytics process to successfully apply analytics in your examinations.
- Learn the fundamental data analysis techniques and how to perform them in a variety of software solutions.
- Learn about advanced analytics techniques, including text analytics, visual analytics and predictive modeling.
- Strategize how to apply analytics in specific fraud schemes and develop a framework for
- that application.
Transactions, communications, technology and other assets continue to generate more data every day. The use of analytics, machine learning, artificial intelligence and other advanced analytics methods will help anti-fraud professionals evolve their methods to keep up with the complex occupational fraud landscape.
You can read more about this course and more events and seminars in our latest Resource Guide.